alpha-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and read open/public third-party content (e.g., alpha get <arxiv-id-or-url> for arXiv papers and alpha code <github-url> for GitHub repos), so untrusted user-generated or external webpages can be ingested and directly influence the agent's answers and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime explicitly fetches external repository files and injects them into the agent context (e.g., "alpha code https://github.com/karpathy/nanoGPT src/model.py"), meaning remote GitHub content can directly control prompts/responses.